The proposed Digital Personal Data Protection Rules, 2025, mandate adult consent for children to open social media accounts, enforce stringent data protection measures, and penalize breaches up to ₹250 crore. Public feedback is invited until February 18 via mygov.in.
Child Consent for Social Media
The draft rules emphasize safeguarding children’s data by requiring:
- Verifiable Consent: An adult, either a parent or guardian, must provide consent for a child to open social media accounts.
- Due Diligence: Companies must implement measures to verify that the consent giver is an identifiable adult.
Core Provisions of the Draft Rules
- Consumer Data Rights:
- Users can request deletion of their data.
- Consumers have the right to know why their data is being collected.
- Transparency Requirements:
- Companies must clearly disclose their handling of personal data.
- Penalties:
- Fines of up to ₹250 crore for data breaches.
Definitions Introduced
- E-Commerce Entity:
Any person operating a digital platform for e-commerce, excluding sellers using marketplace platforms as defined in the Consumer Protection Act, 2019. - Social Media Intermediary:
Platforms facilitating interaction and content sharing among users, as per the Information Technology Act, 2000. - Online Gaming Intermediary:
Platforms providing access to online games through computer resources.
Child and Disability Data Protection
Processing personal data of children and persons with disabilities will strictly require:
- Verifiable consent from a parent, guardian, or authorized individual.
- Compliance with technical and organizational safeguards to ensure data protection.
Public Consultation
The Ministry of Electronics and Information Technology (MeitY) has opened the draft for public feedback until February 18, 2025, through mygov.in. The finalized rules aim to enhance data privacy and accountability across digital platforms.
The proposed regulations mark a significant step toward securing digital privacy and empowering consumers.
